Well this was a JWT compromise, I think, but even still people use really bad passwords all the time. A salt is stored with the user record. The salt’s job is to invalidate rainbow tables. If you have a collection of a million bad passwords you can check them all salted in a second or two. Obviously that’ll depend on the hashing algorithm to an extent.
Is salting password hashes so unknown that neither the lemmy devs nor the kbin dev(s?) have implemented it?
Well this was a JWT compromise, I think, but even still people use really bad passwords all the time. A salt is stored with the user record. The salt’s job is to invalidate rainbow tables. If you have a collection of a million bad passwords you can check them all salted in a second or two. Obviously that’ll depend on the hashing algorithm to an extent.